The root user can receive a lot of email, and if left unchecked, this can accumulate into a very large file, which could potentially fill /var.
However, emptying this mailbox can be a pain, especially if the machine is at a remote location, behind a firewall.

This page details a method to securely obtain root's email, via the internet, without using POP3S and without reconfiguring the router.
The process below tunnels the POP3 connection via SSH, this keeps things nice and simple, does not expose the POP3 server to the internet, and
does not open any extra ports on the firewall.
The process below also redirects root's email to another user, this means that root's password does not need to be stored in the POP3 client used to check the mail.

redirecting root's mail

allocate a username and password for the user to receive root's mail, then note these down in a secure location

login to the server as root

create a new user (eg. rootmail) with no special group memberships: type adduser and follow the prompts - set the shell to nologin, use the password allocated earlier

cd /etc/mail

vi aliases

uncomment root line and redirect to our new user - eg. the line should read root:rootmail (spacing is unimportant)

save and exit the editor

cd /etc/mail/

make

copy all of root's existing mail to our new user's mailbox:

cat /var/mail/root >> /var/mail/rootmail

empty root's mailbox:

cat /dev/null > /var/mail/root

test the redirection:

echo "test mail" | mailx -s "test mail" root

The mail should be written to /var/mail/rootmail, while /var/mail/root should remain empty.

Now, root's mail is available for download via POP3, using the unprivileged account "rootmail".

securing the POP3 connection

The above account could be checked as-is, across the internet, if port-forwarding
was set up, however we want to use SSH, this saves us from having to configure SSL support in
our POP3 server and client, and having to set up port-forwarding on the router.

Create the SSH tunnel with PuTTY as follows:

open PuTTY

select the correct session, then click the Load button

go to Connections.. SSH.. Tunnels

enter a local port number (eg. 5110) into the source port box

enter localhost:110 into the destination box

click the Add button

click Session.. Save

close PuTTY

Open your POP3 client software (eg. Thunderbird) and create a new POP3 account with the following settings:

username: rootmail (set this to the account that receives root's mail)

password: (defined when you created the rootmail account)

server: localhost

port: 5110 (or whatever you used for the source port when creating the tunnel in PuTTY)

This done, the rootmail account can be checked with POP3 whenever the SSH tunnel is open.